Cisco: >> Anyconnect Secure Mobility Client Security Vulnerabilities
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
CVSS Score
6.4
EPSS Score
0.005
Published
2015-08-01
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.
CVSS Score
4.9
EPSS Score
0.001
Published
2015-07-29
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-06-24
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-06-04
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
CVSS Score
6.8
EPSS Score
0.001
Published
2015-05-29
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
CVSS Score
4.3
EPSS Score
0.001
Published
2015-03-18
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
CVSS Score
6.6
EPSS Score
0.001
Published
2015-03-17
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
CVSS Score
6.6
EPSS Score
0.001
Published
2015-03-17
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-03-17
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
CVSS Score
4.3
EPSS Score
0.003
Published
2015-02-03